It’s that time of year when many of us start thinking more about egg nog and snow sleds than cyber security and business, yet there are a few of you out there making an effort to predict what 2016 has in store for our industry. And with much respect to those who can predict these trends with much greater accuracy (see here, here and here), I would like to go out on a limb here and make my prediction for 2016: there will be more of the same throughout 2016 from an IT and security perspective.
While many of the predictions focus on how the technology and privacy landscape will evolve throughout the year, including perhaps the effect that IoT and data breaches will have on consumers, what often goes unnoticed is how relatively immune IT departments are to these micro changes. Unfortunately, or fortunately depending on your views, the reality is that the rate of change and innovation in IT departments is painfully slow. There is too much legacy data, and there are too many legacy applications, to see any real profound changes occurring in IT land. If I were placing bets, that would be my #1 assumption to bet the farm on. So what else will remain constant in 2016 in IT shops across the globe?
1.) Enterprise IT will remain mired in legacy IAM
Throughout 2016, in spite of incredible tech advances in cloud IAM and IDaaS, IT budgets and resources will remain constrained. Ineffective priorities will result in misallocated budgets and operational inefficiencies, which in turn allow for massive data breaches to take place. Few companies will find balance between on-prem legacy IAM and cloud identity and IDaaS solutions.
2.) There will continue to be identity provisioning silos
Let’s face it, very few IT leaders will have the influence, courage or budget to affect identity enterprise-wide. In spite of the best justifications for ROI of converged provisioning systems, companies will still fumble on this important initiative. Without converging or bridging identity and entitlement provisioning (on-prem to cloud, cloud-to-cloud, etc.), customers will continue interacting with multiple companies within a company and employee productivity will continue to be affected.
3.) Egos and politics will remain a major obstacle to progress
IAM has typically been compartmentalized inside of InfoSec without enjoying more than the bare minimum budget and resources allocated to it. When operations gets its hands on IAM, it builds a moat around it and safeguards the land grab with an unimpressive KTLO budget. Grubby ops or apps directors (with little expertise in IAM) might use their newly acquired responsibility to build their influence and budget, only to “repurpose” won budget dollars towards other pet projects. With operations and security leaders unable to align on priorities, this will continue to put sensitive data and applications at risk.
4.) Complexity hinders efficiency and speed
In defense of IT shops that argue that complex technologies are difficult and expensive to integrate and maintain, it simply is one of the most difficult challenges we will face in the coming years. By one account, “90% of the world’s data has been created within the last year, but as an industry, we’re only using 1% of that.” As this proliferation continues, organizations will have a difficult time knowing where they are exposed and to what extent, unless proper IAM solutions are put in place. To add to the challenge, while the number of SaaS applications used by both sanctioned and shadow IT users increases, the rate of adopting cloud security solutions remains relatively flat.
5.) There continues to be a shortage of IAM and InfoSec talent
Companies that continue to build out on-prem infrastructure and services to support their IAM and InfoSec needs are already familiar with the nightmare of recruiting, training and retaining top talent to operate and manage their infrastructure. The shortage of cybersecurity talent is not only a huge issue for companies, it is a growing threat to our nation’s critical infrastructure, civilian safety and capitalism itself. In spite of President Obama having made an executive order on cybersecurity policy, it is not enough; execution is the strategy! There is no doubt in my mind that cybersecurity and IAM will become a watershed in the 2016 presidential elections, and what happens with encryption standards and back doors in security/networking products is up for grabs.
We live in a world where technology was supposed to ease the burden of labor and provide us with a better sense of security and control and long, prosperous and healthy lives. The reality is that personal freedom, safety and privacy have never been more elusive than they are now. If it hasn’t already, cybersecurity and privacy must become a board room conversation as though our future depends on it, because it does. It is my hope that, like Patrick Henry in 1775, we as leaders and managers of the data we are stewards of embrace the philosophy “Give me liberty, or give me death!” in the sense that our companies will not survive without earning and keeping our customers’ trust.
All the best to you and yours in 2016!